
Log analysis and evaluation: Infected? Hijackthis scan

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.12.2010, 09:20   #1
joniboy@gmx.
 
Infected? Hijackthis scan



Hello everyone,

I am new here and have a problem. When I create one of these vistascanlist logs with HJT, I find conspicuous file names etc. just from skimming over it roughly,
for example
Twunk_32.
and so on. Could someone please take a closer look at it?! I don't know my way around this all that well. Please help me.


Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

  25.12.2010 20:40     C:\ProgramData --------- 12288   
  25.12.2010 20:40     C:\Program Files --------- 40960   
  25.12.2010 20:14     C:\My Record --------- 4096   
  25.12.2010 19:08     C:\System Volume Information --------- 32768   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  19.12.2010 14:18     C:\aaa- spiele nds --------- 0   
  13.12.2010 10:09     C:\InstallHelper.log --------- 512   
  13.12.2010 09:59     C:\Windows --------- 28672   
  13.12.2010 09:56     C:\Sierra --------- 0   
  08.12.2010 18:54     C:\SwSetup --------- 16384   
  30.11.2010 20:16     C:\COOL16 --------- 0   
  30.11.2010 20:11     C:\joniboy@gmx.de --------- 0   
  14.11.2010 13:11     C:\aikwdat --------- 4096   
  14.11.2010 12:59     C:\found.002 --------- 0   
  08.11.2010 17:34     C:\output --------- 0   
  27.10.2010 16:11     C:\Temp --------- 0   
  08.10.2010 09:26     C:\Emergency Saarland Mod V.0.3.e4mod --------- 82292960   
  08.10.2010 08:22     C:\Loksim3D --------- 8192   
  24.08.2010 19:04     C:\found.001 --------- 0   
  07.05.2010 13:53     C:\$RECYCLE.BIN --------- 4096   
  07.05.2010 13:52     C:\Users --------- 8192   
  09.12.2009 13:26     C:\NICE2 --------- 8192   
  25.10.2009 15:57     C:\boot --------- 4096   
  03.08.2009 18:26     C:\X-System 626 --------- 0   
  14.06.2009 08:11     C:\found.000 --------- 0   
  11.04.2009 07:36     C:\bootmgr --------- 333257   
  03.02.2009 17:48     C:\Maps --------- 0   
  03.02.2009 17:21     C:\IO.SYS --------- 0   
  03.02.2009 17:21     C:\MSDOS.SYS --------- 0   
  01.12.2008 15:07     C:\HP --------- 4096   
  01.12.2008 15:07     C:\IPH.PH --------- 373   
  01.12.2008 15:06     C:\System.sav --------- 0   
  01.12.2008 15:00     C:\Programme --------- 0   
  01.12.2008 15:00     C:\Dokumente und Einstellungen --------- 0   
  19.09.2008 00:22     C:\Intel --------- 0   
  02.07.2008 08:38     C:\MSOCache --------- 0   
  21.01.2008 03:32     C:\PerfLogs --------- 0   
  02.11.2006 14:02     C:\Documents and Settings --------- 0   
  18.09.2006 22:43     C:\config.sys --------- 10   
  18.09.2006 22:43     C:\autoexec.bat --------- 24   
  17.06.2000 19:51     C:\rechts.bmp --------- 115256   
  17.06.2000 19:49     C:\back.bmp --------- 801184   
  17.06.2000 19:46     C:\titel2.bmp --------- 921656   
  12.06.2000 12:55     C:\readme.txt --------- 866   
  28.02.2000 18:29     C:\worm.exe --------- 275669   
  04.12.1999 20:03     C:\hilfe.txt --------- 270   
  14.11.1999 23:14     C:\leben.bmp --------- 1574   
  14.11.1999 22:49     C:\logo.bmp --------- 7094   
  03.11.1997 06:00     C:\NViewLib.dll --------- 265216   
----------------------------------------

 
C:\Windows

  25.12.2010 20:28     C:\Windows\WindowsUpdate.log --------- 1277183   
  25.12.2010 18:50     C:\Windows\setupact.log --------- 1255728   
  25.12.2010 18:47     C:\Windows\bootstat.dat --------- 67584   
  21.12.2010 06:38     C:\Windows\PFRO.log --------- 169034   
  13.12.2010 09:56     C:\Windows\SIERRA.INI --------- 251   
  13.12.2010 09:19     C:\Windows\WININIT.INI --------- 25   
  08.12.2010 19:04     C:\Windows\DPINST.LOG --------- 33254   
  03.12.2010 15:31     C:\Windows\MEMORY.DMP --------- 356616753   
  24.11.2010 15:47     C:\Windows\DirectX.log --------- 328637   
  14.08.2010 10:28     C:\Windows\DIFx.log --------- 2342   
  26.04.2010 19:02     C:\Windows\uninstdl.bat --------- 590   
  17.04.2010 00:45     C:\Windows\WLXPGSS.SCR --------- 307056   
  05.04.2010 12:13     C:\Windows\Setup1.exe --------- 290816   
  05.04.2010 12:13     C:\Windows\ST6UNST.EXE --------- 74752   
  07.03.2010 14:39     C:\Windows\system.ini --------- 235   
  17.02.2010 16:04     C:\Windows\msxml4-KB973688-enu.LOG --------- 298364   
  31.12.2009 09:44     C:\Windows\mgxoschk.ini --------- 7119   
  14.07.2009 13:22     C:\Windows\eReg.dat --------- 1482   
  18.05.2009 11:10     C:\Windows\ie8_main.log --------- 2084   
  12.05.2009 08:36     C:\Windows\win.ini --------- 412   
  14.04.2009 18:43     C:\Windows\ntbtlog.txt --------- 351792   
  11.04.2009 07:27     C:\Windows\explorer.exe --------- 2926592   
  23.01.2009 06:54     C:\Windows\ssndii.exe --------- 479232   
  01.12.2008 16:13     C:\Windows\msxml4-KB954430-enu.LOG --------- 287146   
  19.09.2008 10:05     C:\Windows\CSUP.txt --------- 12   
  19.09.2008 00:54     C:\Windows\DtcInstall.log --------- 5506   
  19.09.2008 00:54     C:\Windows\SETUPAPI.LOG --------- 1558   
  19.09.2008 00:18     C:\Windows\xUninstall.bat --------- 251   
  19.09.2008 00:12     C:\Windows\TSSysprep.log --------- 5949   
  02.07.2008 08:00     C:\Windows\HPQLB.LOG --------- 6949   
  15.04.2008 19:17     C:\Windows\sttray.exe --------- 442433   
  21.01.2008 03:43     C:\Windows\WindowsShell.Manifest --------- 749   
  21.01.2008 03:24     C:\Windows\regedit.exe --------- 134656   
  21.01.2008 03:24     C:\Windows\bfsvc.exe --------- 58880   
  21.01.2008 03:24     C:\Windows\fveupdate.exe --------- 13312   
  21.01.2008 03:24     C:\Windows\HelpPane.exe --------- 498176   
  21.01.2008 03:23     C:\Windows\notepad.exe --------- 151040   
  13.08.2007 03:47     C:\Windows\Dr. Printer Icon.ico --------- 11502   
  02.11.2006 13:52     C:\Windows\setuperr.log --------- 0   
  02.11.2006 13:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 13:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 13:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 13:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 13:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 12:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 22:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
  23.06.2000 11:46     C:\Windows\WMPrfDeu.prx --------- 33820   
  29.10.1998 15:45     C:\Windows\IsUninst.exe --------- 306688   
  21.10.1998 17:43     C:\Windows\IsUn0407.exe --------- 328704   
  02.09.1998 18:07     C:\Windows\Creator.INI --------- 253   
----------------------------------------

 
C:\Windows\System

 01.12.2008 15:10      C:\Windows\System\hpsysdrv.dat --------- 44 
 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 25.12.2010 20:47     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
 25.12.2010 20:47     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
 25.12.2010 20:40     C:\Windows\system32\drivers --------- 65536  
 20.12.2010 20:22     C:\Windows\system32\perfh009.dat --------- 595996  
 20.12.2010 20:22     C:\Windows\system32\perfc009.dat --------- 104070  
 20.12.2010 20:22     C:\Windows\system32\perfh007.dat --------- 628742  
 20.12.2010 20:22     C:\Windows\system32\perfc007.dat --------- 126454  
 20.12.2010 20:22     C:\Windows\system32\PerfStringBackup.INI --------- 1445310  
 19.12.2010 07:54     C:\Windows\system32\catroot2 --------- 4096  
 15.12.2010 18:16     C:\Windows\system32\FNTCACHE.DAT --------- 334128  
 15.12.2010 18:09     C:\Windows\system32\migration --------- 0  
 15.12.2010 18:01     C:\Windows\system32\de-DE --------- 196608  
 15.12.2010 18:00     C:\Windows\system32\catroot --------- 4096  
 13.12.2010 10:16     C:\Windows\system32\DRVSTORE --------- 0  
 13.12.2010 10:13     C:\Windows\system32\MAGIX --------- 0  
 12.12.2010 18:11     C:\Windows\system32\Tasks --------- 4096  
 01.12.2010 14:11     C:\Windows\system32\termcap --------- 862  
 23.11.2010 18:33     C:\Windows\system32\TVUAx --------- 4096  
 15.11.2010 18:01     C:\Windows\system32\en-US --------- 147456  
 10.11.2010 18:00     C:\Windows\system32\mrt.exe --------- 35758536  
 04.11.2010 19:56     C:\Windows\system32\wmicmiplugin.dll --------- 345600  
 04.11.2010 19:55     C:\Windows\system32\taskschd.dll --------- 352768  
 04.11.2010 19:55     C:\Windows\system32\taskcomp.dll --------- 270336  
 04.11.2010 19:55     C:\Windows\system32\schedsvc.dll --------- 601600  
 04.11.2010 17:34     C:\Windows\system32\taskeng.exe --------- 171520  
 02.11.2010 07:01     C:\Windows\system32\wininet.dll --------- 916480  
 02.11.2010 07:01     C:\Windows\system32\urlmon.dll --------- 1210880  
 02.11.2010 07:00     C:\Windows\system32\occache.dll --------- 206848  
 02.11.2010 06:58     C:\Windows\system32\mstime.dll --------- 611840  
 02.11.2010 06:58     C:\Windows\system32\mshtmled.dll --------- 66560  
 02.11.2010 06:58     C:\Windows\system32\mshtml.dll --------- 5959168  
 02.11.2010 06:58     C:\Windows\system32\msfeeds.dll --------- 602112  
 02.11.2010 06:58     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 02.11.2010 06:57     C:\Windows\system32\licmgr10.dll --------- 43520  
 02.11.2010 06:57     C:\Windows\system32\jsproxy.dll --------- 25600  
 02.11.2010 06:57     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 02.11.2010 06:57     C:\Windows\system32\ieui.dll --------- 164352  
 02.11.2010 06:57     C:\Windows\system32\iesysprep.dll --------- 109056  
 02.11.2010 06:57     C:\Windows\system32\iertutil.dll --------- 1991680  
 02.11.2010 06:57     C:\Windows\system32\iesetup.dll --------- 71680  
 02.11.2010 06:57     C:\Windows\system32\iernonce.dll --------- 55808  
 02.11.2010 06:57     C:\Windows\system32\iepeers.dll --------- 184320  
 02.11.2010 06:57     C:\Windows\system32\ieframe.dll --------- 11080704  
 02.11.2010 06:57     C:\Windows\system32\iedkcs32.dll --------- 387584  
 02.11.2010 06:01     C:\Windows\system32\html.iec --------- 385024  
 02.11.2010 05:26     C:\Windows\system32\ieUnatt.exe --------- 133632  
 02.11.2010 05:25     C:\Windows\system32\ie4uinit.exe --------- 173568  
 02.11.2010 05:25     C:\Windows\system32\msfeedssync.exe --------- 13312  
 02.11.2010 05:24     C:\Windows\system32\mshtml.tlb --------- 1638912  
 28.10.2010 16:44     C:\Windows\system32\atmlib.dll --------- 34304  
 28.10.2010 14:27     C:\Windows\system32\atmfd.dll --------- 292352  
 28.10.2010 14:20     C:\Windows\system32\tzres.dll --------- 2048  
 27.10.2010 21:44     C:\Windows\system32\inetwh32.dll --------- 49152  
 27.10.2010 21:44     C:\Windows\system32\roboex32.dll --------- 1044480  
 19.10.2010 10:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 18.10.2010 14:37     C:\Windows\system32\consent.exe --------- 81920  
 18.10.2010 14:31     C:\Windows\system32\win32k.sys --------- 2038272  
 15.10.2010 10:41     C:\Windows\system32\DOErrors.log --------- 52  
 14.10.2010 01:36     C:\Windows\system32\xlive.dll --------- 15451288  
 14.10.2010 01:36     C:\Windows\system32\xlivefnt.dll --------- 13642904  
 14.10.2010 01:36     C:\Windows\system32\xlive.dll.cat --------- 179263  
 19.09.2010 19:07     C:\Windows\system32\WDI --------- 8192  
 13.09.2010 16:46     C:\Windows\system32\wmp.dll --------- 10628096  
 13.09.2010 14:56     C:\Windows\system32\wmploc.DLL --------- 8147456  
 06.09.2010 17:20     C:\Windows\system32\srvsvc.dll --------- 125952  
 06.09.2010 17:19     C:\Windows\system32\netevent.dll --------- 17920  
 31.08.2010 16:46     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 16:46     C:\Windows\system32\mfc40.dll --------- 954752  
 31.08.2010 16:44     C:\Windows\system32\comctl32.dll --------- 531968  
 29.08.2010 11:37     C:\Windows\system32\CmdLineExt03.dll --------- 43520  
 26.08.2010 17:37     C:\Windows\system32\t2embed.dll --------- 157184  
 26.08.2010 17:34     C:\Windows\system32\gameux.dll --------- 1696256  
 26.08.2010 17:33     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 26.08.2010 15:23     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 20.08.2010 17:05     C:\Windows\system32\wmpmde.dll --------- 867328  
 17.08.2010 15:11     C:\Windows\system32\spoolsv.exe --------- 128000  
 14.08.2010 10:28     C:\Windows\system32\xlive --------- 0  
 10.08.2010 16:53     C:\Windows\system32\schannel.dll --------- 274944  
 26.07.2010 16:51     C:\Windows\system32\shell32.dll --------- 11584512  
 04.07.2010 19:07     C:\Windows\system32\FsUsbExService.Exe --------- 238952  
 04.07.2010 13:54     C:\Windows\system32\wbem --------- 65536  
 28.06.2010 18:00     C:\Windows\system32\ole32.dll --------- 1316864  
 18.06.2010 18:31     C:\Windows\system32\rtutils.dll --------- 36864  
 16.06.2010 16:30     C:\Windows\system32\fontsub.dll --------- 72704  
 14.06.2010 09:32     C:\Windows\system32\FsUsbExDisk.Sys --------- 36608  
 14.06.2010 09:32     C:\Windows\system32\FsUsbExDevice.Dll --------- 110592  
 11.06.2010 17:15     C:\Windows\system32\msxml3.dll --------- 1248768  
 08.06.2010 18:35     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
 08.06.2010 18:35     C:\Windows\system32\ntkrnlpa.exe --------- 3600768  
 27.05.2010 21:08     C:\Windows\system32\inetcomm.dll --------- 739328  
 27.05.2010 21:08     C:\Windows\system32\iccvid.dll --------- 81920  
 18.05.2010 15:35     C:\Windows\system32\dnssdX.dll --------- 197920  
 18.05.2010 15:35     C:\Windows\system32\dns-sd.exe --------- 107808  
 18.05.2010 15:35     C:\Windows\system32\dnssd.dll --------- 91424  
 18.05.2010 15:35     C:\Windows\system32\jdns_sd.dll --------- 75040  
 04.05.2010 20:13     C:\Windows\system32\msshsq.dll --------- 231424  
 27.04.2010 14:45     C:\Windows\system32\xliveinstall.dll --------- 187544  
 27.04.2010 14:45     C:\Windows\system32\xliveinstallhost.exe --------- 72856  
 19.04.2010 19:47     C:\Windows\system32\usbaaplrc.dll --------- 3062048  
 16.04.2010 17:46     C:\Windows\system32\usp10.dll --------- 502272  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 25.12.2010 18:48     C:\Windows\Tasks\AWC Startup.job --------- 370  
 25.12.2010 18:47     C:\Windows\Tasks\SA.DAT --------- 6  
 22.12.2010 15:44     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32626  
----------------------------------------

 
C:\Windows\Temp

 25.12.2010 19:08     C:\Windows\Temp\MpCmdRun.log --------- 337690  
 25.12.2010 19:08     C:\Windows\Temp\MpSigStub.log --------- 201056  
 25.12.2010 18:50     C:\Windows\Temp\DMIF2F5.tmp --------- 0  
 25.12.2010 18:50     C:\Windows\Temp\DMIAFAF.tmp --------- 0  
 22.12.2010 14:41     C:\Windows\Temp\DMID603.tmp --------- 0  
 22.12.2010 14:41     C:\Windows\Temp\DMIA1BA.tmp --------- 0  
 22.12.2010 06:45     C:\Windows\Temp\DMI5907.tmp --------- 0  
 22.12.2010 06:44     C:\Windows\Temp\DMIFCC5.tmp --------- 0  
 21.12.2010 18:51     C:\Windows\Temp\DMIFCB5.tmp --------- 0  
 21.12.2010 18:51     C:\Windows\Temp\DMIDB50.tmp --------- 0  
 21.12.2010 15:42     C:\Windows\Temp\DMI494E.tmp --------- 0  
 21.12.2010 15:42     C:\Windows\Temp\DMI6E2.tmp --------- 0  
 21.12.2010 06:41     C:\Windows\Temp\DMICE17.tmp --------- 0  
 21.12.2010 06:41     C:\Windows\Temp\DMIACB2.tmp --------- 0  
 20.12.2010 15:57     C:\Windows\Temp\DMI4C3B.tmp --------- 0  
 20.12.2010 15:57     C:\Windows\Temp\DMI7F0E.tmp --------- 0  
 20.12.2010 06:44     C:\Windows\Temp\TMP00000042040416327E9D2CE2 --------- 524288  
 20.12.2010 06:44     C:\Windows\Temp\DMI6769.tmp --------- 0  
 20.12.2010 06:43     C:\Windows\Temp\DMI1747.tmp --------- 0  
 19.12.2010 20:17     C:\Windows\Temp\DMI813F.tmp --------- 0  
 19.12.2010 20:17     C:\Windows\Temp\DMI45F4.tmp --------- 0  
 19.12.2010 12:07     C:\Windows\Temp\DMICF20.tmp --------- 0  
 19.12.2010 12:07     C:\Windows\Temp\DMI9201.tmp --------- 0  
 19.12.2010 07:55     C:\Windows\Temp\DMIC013.tmp --------- 0  
 19.12.2010 07:55     C:\Windows\Temp\DMI89E7.tmp --------- 0  
 18.12.2010 13:01     C:\Windows\Temp\DMI79E.tmp --------- 0  
 18.12.2010 13:01     C:\Windows\Temp\DMIDD63.tmp --------- 0  
 18.12.2010 09:13     C:\Windows\Temp\ehprivjob.log --------- 0  
 18.12.2010 08:37     C:\Windows\Temp\DMIFD90.tmp --------- 0  
 18.12.2010 08:36     C:\Windows\Temp\DMIBEEB.tmp --------- 0  
 17.12.2010 15:37     C:\Windows\Temp\DMI1351.tmp --------- 0  
 17.12.2010 15:37     C:\Windows\Temp\DMID6CF.tmp --------- 0  
 17.12.2010 06:40     C:\Windows\Temp\DMI645D.tmp --------- 0  
 17.12.2010 06:39     C:\Windows\Temp\DMIF95B.tmp --------- 0  
 16.12.2010 15:53     C:\Windows\Temp\DMI18AE.tmp --------- 0  
 16.12.2010 15:53     C:\Windows\Temp\DMIE7EE.tmp --------- 0  
 16.12.2010 06:38     C:\Windows\Temp\DMI4874.tmp --------- 0  
 16.12.2010 06:38     C:\Windows\Temp\DMI18CD.tmp --------- 0  
 15.12.2010 18:19     C:\Windows\Temp\DMI56B7.tmp --------- 0  
 15.12.2010 18:19     C:\Windows\Temp\DMI1A91.tmp --------- 0  
 15.12.2010 14:18     C:\Windows\Temp\DMI1238.tmp --------- 0  
 15.12.2010 14:18     C:\Windows\Temp\DMID1BF.tmp --------- 0  
 15.12.2010 06:07     C:\Windows\Temp\DMIDC3A.tmp --------- 0  
 15.12.2010 06:07     C:\Windows\Temp\DMIAFCE.tmp --------- 0  
 14.12.2010 20:35     C:\Windows\Temp\DMIAD8.tmp --------- 0  
 14.12.2010 20:35     C:\Windows\Temp\DMIE30E.tmp --------- 0  
 14.12.2010 14:38     C:\Windows\Temp\DMIC1C8.tmp --------- 0  
 14.12.2010 14:38     C:\Windows\Temp\DMI8BCA.tmp --------- 0  
 14.12.2010 06:36     C:\Windows\Temp\DMIC428.tmp --------- 0  
 14.12.2010 06:36     C:\Windows\Temp\DMI9452.tmp --------- 0  
 13.12.2010 16:53     C:\Windows\Temp\DMI750.tmp --------- 0  
 13.12.2010 16:52     C:\Windows\Temp\DMID6CE.tmp --------- 0  
 13.12.2010 15:49     C:\Windows\Temp\DMIAC64.tmp --------- 0  
 13.12.2010 15:48     C:\Windows\Temp\DMI6D91.tmp --------- 0  
 13.12.2010 10:24     C:\Windows\Temp\DMID3C2.tmp --------- 0  
 13.12.2010 10:24     C:\Windows\Temp\DMIA218.tmp --------- 0  
 13.12.2010 09:16     C:\Windows\Temp\DMIED5A.tmp --------- 0  
 13.12.2010 09:15     C:\Windows\Temp\DMIA12E.tmp --------- 0  
 12.12.2010 18:09     C:\Windows\Temp\DMI4FE3.tmp --------- 0  
 12.12.2010 18:09     C:\Windows\Temp\DMI7CD.tmp --------- 0  
 12.12.2010 09:37     C:\Windows\Temp\DMIFF25.tmp --------- 0  
 12.12.2010 09:37     C:\Windows\Temp\DMIC62B.tmp --------- 0  
 11.12.2010 16:21     C:\Windows\Temp\DMI4FD5.tmp --------- 0  
 11.12.2010 16:21     C:\Windows\Temp\DMID152.tmp --------- 0  
----------------------------------------

 
C:\Users\COOL16\AppData\Local\Temp

 25.12.2010 20:51     C:\Users\COOL16\AppData\Local\Temp\Temp1_stronghold2_plus6_v12.zip --------- 0  
 25.12.2010 20:44     C:\Users\COOL16\AppData\Local\Temp\~DF96AA.tmp --------- 81920  
 25.12.2010 20:40     C:\Users\COOL16\AppData\Local\Temp\COOL16.bmp --------- 31832  
 25.12.2010 18:49     C:\Users\COOL16\AppData\Local\Temp\WPDNSE --------- 0  
 25.12.2010 18:48     C:\Users\COOL16\AppData\Local\Temp\MUI --------- 0  
 22.12.2010 15:43     C:\Users\COOL16\AppData\Local\Temp\ehmsas.txt --------- 1598  
 22.12.2010 15:43     C:\Users\COOL16\AppData\Local\Temp\wmplog04.sqm --------- 1658  
 22.12.2010 15:42     C:\Users\COOL16\AppData\Local\Temp\wmplog03.sqm --------- 1394  
 22.12.2010 15:42     C:\Users\COOL16\AppData\Local\Temp\wmplog02.sqm --------- 1394  
 22.12.2010 15:31     C:\Users\COOL16\AppData\Local\Temp\CVRF057.tmp --------- 0  
 21.12.2010 18:45     C:\Users\COOL16\AppData\Local\Temp\jusched.log --------- 46365  
 19.12.2010 20:15     C:\Users\COOL16\AppData\Local\Temp\WEREB76.tmp.version.txt --------- 476  
 19.12.2010 14:24     C:\Users\COOL16\AppData\Local\Temp\8YeBJz0q.rar.part --------- 828272  
 18.12.2010 13:32     C:\Users\COOL16\AppData\Local\Temp\wmplog01.sqm --------- 1450  
 18.12.2010 12:08     C:\Users\COOL16\AppData\Local\Temp\wmplog00.sqm --------- 1734  
 16.12.2010 19:41     C:\Users\COOL16\AppData\Local\Temp\msohtmlclip1 --------- 0  
 13.12.2010 14:53     C:\Users\COOL16\AppData\Local\Temp\Temp2_[MaxUpload.com]GrepolisBot_v1.9.6.zip --------- 0  
 13.12.2010 14:46     C:\Users\COOL16\AppData\Local\Temp\Temp1_[MaxUpload.com]GrepolisBot_v1.9.6.zip --------- 0  
 13.12.2010 14:16     C:\Users\COOL16\AppData\Local\Temp\plugtmp-9 --------- 0  
 13.12.2010 13:34     C:\Users\COOL16\AppData\Local\Temp\Low --------- 0  
 13.12.2010 10:09     C:\Users\COOL16\AppData\Local\Temp\MSI41ee6.LOG --------- 523886  
 13.12.2010 09:53     C:\Users\COOL16\AppData\Local\Temp\{43927a71-7544-4629-ae15-11c957b2bfb2} --------- 0  
 12.12.2010 10:24     C:\Users\COOL16\AppData\Local\Temp\7zO7A20.tmp --------- 0  
 08.12.2010 16:05     C:\Users\COOL16\AppData\Local\Temp\SkypeSetup.exe --------- 17703304  
 08.12.2010 15:47     C:\Users\COOL16\AppData\Local\Temp\PDFCreator --------- 0  
 08.12.2010 15:40     C:\Users\COOL16\AppData\Local\Temp\~DF7824.tmp --------- 65536  
 08.12.2010 15:14     C:\Users\COOL16\AppData\Local\Temp\_fsf --------- 0  
 08.12.2010 14:53     C:\Users\COOL16\AppData\Local\Temp\5918506.od --------- 134  
 08.12.2010 14:53     C:\Users\COOL16\AppData\Local\Temp\CVR4F2A.tmp.cvr --------- 0  
 05.12.2010 13:14     C:\Users\COOL16\AppData\Local\Temp\r6s8aS3p.exe.part --------- 136206  
 05.12.2010 12:56     C:\Users\COOL16\AppData\Local\Temp\plugtmp-8 --------- 0  
 04.12.2010 12:17     C:\Users\COOL16\AppData\Local\Temp\7544613.od --------- 134  
 04.12.2010 12:17     C:\Users\COOL16\AppData\Local\Temp\CVR1F25.tmp.cvr --------- 0  
 04.12.2010 09:23     C:\Users\COOL16\AppData\Local\Temp\{375dadc3-fa36-4a53-87c4-3e6cbe70533c} --------- 0  
 02.12.2010 17:38     C:\Users\COOL16\AppData\Local\Temp\plugtmp-7 --------- 0  
 02.12.2010 10:27     C:\Users\COOL16\AppData\Local\Temp\~TMD3D4.tmp --------- 198656  
 30.11.2010 13:20     C:\Users\COOL16\AppData\Local\Temp\tmp21a63cfa --------- 0  
 30.11.2010 13:19     C:\Users\COOL16\AppData\Local\Temp\tmp6a3a1faf --------- 0  
 28.11.2010 11:02     C:\Users\COOL16\AppData\Local\Temp\7zOB87.tmp --------- 0  
 28.11.2010 11:02     C:\Users\COOL16\AppData\Local\Temp\7zO7B2C.tmp --------- 0  
 27.11.2010 13:35     C:\Users\COOL16\AppData\Local\Temp\Temp1_112185.zip --------- 0  
 27.11.2010 11:49     C:\Users\COOL16\AppData\Local\Temp\WERB010.tmp.appcompat.txt --------- 37832  
 25.11.2010 19:24     C:\Users\COOL16\AppData\Local\Temp\CVRD145.tmp.cvr --------- 2568  
 25.11.2010 19:23     C:\Users\COOL16\AppData\Local\Temp\8966469.od --------- 134  
 24.11.2010 16:16     C:\Users\COOL16\AppData\Local\Temp\plugtmp-6 --------- 0  
 23.11.2010 19:04     C:\Users\COOL16\AppData\Local\Temp\WC9467.tmp --------- 0  
 23.11.2010 18:59     C:\Users\COOL16\AppData\Local\Temp\{77c05365-6d43-4460-bd72-3c8d485112bc} --------- 0  
 23.11.2010 15:15     C:\Users\COOL16\AppData\Local\Temp\7zOF833.tmp --------- 0  
 23.11.2010 15:05     C:\Users\COOL16\AppData\Local\Temp\7zO5090.tmp --------- 0  
 22.11.2010 18:34     C:\Users\COOL16\AppData\Local\Temp\7zO1074.tmp --------- 0  
 22.11.2010 18:07     C:\Users\COOL16\AppData\Local\Temp\plugtmp-5 --------- 0  
 20.11.2010 10:42     C:\Users\COOL16\AppData\Local\Temp\plugtmp-4 --------- 0  
 19.11.2010 15:16     C:\Users\COOL16\AppData\Local\Temp\SIntfNT.dll --------- 24744  
 19.11.2010 15:16     C:\Users\COOL16\AppData\Local\Temp\SIntf32.dll --------- 20016  
 19.11.2010 15:16     C:\Users\COOL16\AppData\Local\Temp\SIntf16.dll --------- 12305  
 17.11.2010 13:04     C:\Users\COOL16\AppData\Local\Temp\12132915.od --------- 134  
 17.11.2010 13:04     C:\Users\COOL16\AppData\Local\Temp\12132915.cvr --------- 4688  
 17.11.2010 12:58     C:\Users\COOL16\AppData\Local\Temp\11746485.od --------- 134  
 17.11.2010 12:58     C:\Users\COOL16\AppData\Local\Temp\CVR3CB5.tmp.cvr --------- 0  
 17.11.2010 12:12     C:\Users\COOL16\AppData\Local\Temp\OneNoteRuntimeCache --------- 0  
 17.11.2010 12:11     C:\Users\COOL16\AppData\Local\Temp\OneNote_MigrationLog.txt --------- 62  
 16.11.2010 16:42     C:\Users\COOL16\AppData\Local\Temp\7zO8835.tmp --------- 0  
 14.11.2010 19:00     C:\Users\COOL16\AppData\Local\Temp\robxqhq0.bmp --------- 954  
 14.11.2010 12:23     C:\Users\COOL16\AppData\Local\Temp\plugtmp-3 --------- 0  
 13.11.2010 16:45     C:\Users\COOL16\AppData\Local\Temp\Word8.0 --------- 0  
 11.11.2010 19:47     C:\Users\COOL16\AppData\Local\Temp\13891998.od --------- 134  
 11.11.2010 19:47     C:\Users\COOL16\AppData\Local\Temp\13891982.cvr --------- 15072  
 11.11.2010 16:08     C:\Users\COOL16\AppData\Local\Temp\751846.od --------- 134  
 11.11.2010 16:08     C:\Users\COOL16\AppData\Local\Temp\CVR781C.tmp.cvr --------- 0  
 10.11.2010 12:04     C:\Users\COOL16\AppData\Local\Temp\U7J3qmuA.rar.part --------- 365592  
 09.11.2010 18:37     C:\Users\COOL16\AppData\Local\Temp\3pln8ztp.rar.part --------- 8162818  
 06.11.2010 13:50     C:\Users\COOL16\AppData\Local\Temp\drm_dyndata_7400006.dll --------- 204800  
 02.11.2010 19:26     C:\Users\COOL16\AppData\Local\Temp\TCDDE73.tmp --------- 0  
 02.11.2010 19:25     C:\Users\COOL16\AppData\Local\Temp\15785460.od --------- 134  
 02.11.2010 19:25     C:\Users\COOL16\AppData\Local\Temp\CVRDDF4.tmp.cvr --------- 0  
 01.11.2010 15:44     C:\Users\COOL16\AppData\Local\Temp\pptEF75.tmp --------- 0  
 01.11.2010 15:34     C:\Users\COOL16\AppData\Local\Temp\ppt3F1A.tmp --------- 0  
 30.10.2010 12:49     C:\Users\COOL16\AppData\Local\Temp\21925347.od --------- 134  
 30.10.2010 12:49     C:\Users\COOL16\AppData\Local\Temp\21925347.cvr --------- 4640  
 30.10.2010 11:40     C:\Users\COOL16\AppData\Local\Temp\17805220.od --------- 134  
 30.10.2010 11:40     C:\Users\COOL16\AppData\Local\Temp\CVRAFA4.tmp.cvr --------- 0  
 29.10.2010 17:31     C:\Users\COOL16\AppData\Local\Temp\10761338.od --------- 134  
 29.10.2010 17:31     C:\Users\COOL16\AppData\Local\Temp\10761338.cvr --------- 2072  
 29.10.2010 17:29     C:\Users\COOL16\AppData\Local\Temp\10642466.od --------- 134  
 29.10.2010 17:29     C:\Users\COOL16\AppData\Local\Temp\CVR6422.tmp.cvr --------- 0  
 28.10.2010 19:06     C:\Users\COOL16\AppData\Local\Temp\13745794.od --------- 134  
 28.10.2010 19:06     C:\Users\COOL16\AppData\Local\Temp\13745794.cvr --------- 4452  
 28.10.2010 18:54     C:\Users\COOL16\AppData\Local\Temp\13023228.od --------- 134  
 28.10.2010 18:54     C:\Users\COOL16\AppData\Local\Temp\CVRB7ED.tmp.cvr --------- 0  
 28.10.2010 18:20     C:\Users\COOL16\AppData\Local\Temp\wmsetup.log --------- 4281  
 28.10.2010 17:54     C:\Users\COOL16\AppData\Local\Temp\CLW2DB4.tmp --------- 2996  
 28.10.2010 17:54     C:\Users\COOL16\AppData\Local\Temp\WC2DB3.tmp --------- 0  
 27.10.2010 16:33     C:\Users\COOL16\AppData\Local\Temp\plugtmp-2 --------- 0  
 25.10.2010 18:58     C:\Users\COOL16\AppData\Local\Temp\13134800.od --------- 134  
 25.10.2010 18:58     C:\Users\COOL16\AppData\Local\Temp\13134114.cvr --------- 14964  
 25.10.2010 16:04     C:\Users\COOL16\AppData\Local\Temp\2713699.od --------- 134  
 25.10.2010 16:04     C:\Users\COOL16\AppData\Local\Temp\CVR6863.tmp.cvr --------- 0  
 19.10.2010 05:00     C:\Users\COOL16\AppData\Local\Temp\78359.od --------- 134  
 19.10.2010 05:00     C:\Users\COOL16\AppData\Local\Temp\CVR3217.tmp.cvr --------- 0  
 17.10.2010 12:44     C:\Users\COOL16\AppData\Local\Temp\UGza1twF.htm.part --------- 0  
 17.10.2010 08:40     C:\Users\COOL16\AppData\Local\Temp\nllm2h3j.bmp --------- 90054  
 17.10.2010 08:39     C:\Users\COOL16\AppData\Local\Temp\kfxty7eq.bmp --------- 426934  
 15.10.2010 11:43     C:\Users\COOL16\AppData\Local\Temp\VTS_01_4 (2).VOB --------- 1073709056  
 15.10.2010 11:43     C:\Users\COOL16\AppData\Local\Temp\CVR2EDF.tmp.cvr --------- 1632  
 15.10.2010 11:42     C:\Users\COOL16\AppData\Local\Temp\9121503.od --------- 134  
 15.10.2010 11:41     C:\Users\COOL16\AppData\Local\Temp\VTS_01_4.VOB --------- 1073709056  
 15.10.2010 11:41     C:\Users\COOL16\AppData\Local\Temp\CVRC0D1.tmp.cvr --------- 1632  
 15.10.2010 11:40     C:\Users\COOL16\AppData\Local\Temp\8962257.od --------- 134  
 14.10.2010 16:09     C:\Users\COOL16\AppData\Local\Temp\plugtmp-1 --------- 0  
 10.10.2010 14:25     C:\Users\COOL16\AppData\Local\Temp\JETF97A.tmp --------- 0  
 10.10.2010 12:32     C:\Users\COOL16\AppData\Local\Temp\WERFBD1.tmp.version.txt --------- 476  
 08.10.2010 12:00     C:\Users\COOL16\AppData\Local\Temp\7zO27DD.tmp --------- 0  
 26.09.2010 19:30     C:\Users\COOL16\AppData\Local\Temp\JETDB9E.tmp --------- 0  
 26.09.2010 19:28     C:\Users\COOL16\AppData\Local\Temp\7910982.od --------- 134  
 26.09.2010 19:28     C:\Users\COOL16\AppData\Local\Temp\7910982.cvr --------- 5872  
 26.09.2010 17:24     C:\Users\COOL16\AppData\Local\Temp\467878.od --------- 134  
 26.09.2010 17:24     C:\Users\COOL16\AppData\Local\Temp\CVR23A6.tmp.cvr --------- 0  
 17.09.2010 15:53     C:\Users\COOL16\AppData\Local\Temp\audacity_temp --------- 0  
 14.09.2010 15:26     C:\Users\COOL16\AppData\Local\Temp\5658171.od --------- 134  
 14.09.2010 15:26     C:\Users\COOL16\AppData\Local\Temp\5658171.cvr --------- 1552  
 14.09.2010 15:24     C:\Users\COOL16\AppData\Local\Temp\5531467.od --------- 134  
 14.09.2010 15:24     C:\Users\COOL16\AppData\Local\Temp\CVR672C.tmp.cvr --------- 0  
 12.09.2010 15:04     C:\Users\COOL16\AppData\Local\Temp\fhaofqpo.bmp --------- 1080054  
 08.09.2010 15:54     C:\Users\COOL16\AppData\Local\Temp\qpz9lxfa.bmp --------- 823118  
 08.09.2010 15:53     C:\Users\COOL16\AppData\Local\Temp\n8n9iud1.bmp --------- 823118  
 01.09.2010 16:41     C:\Users\COOL16\AppData\Local\Temp\JET2F97.tmp --------- 0  
 01.09.2010 16:32     C:\Users\COOL16\AppData\Local\Temp\~DFBEA0.tmp --------- 512  
 01.09.2010 15:42     C:\Users\COOL16\AppData\Local\Temp\1306711.od --------- 134  
 29.08.2010 13:16     C:\Users\COOL16\AppData\Local\Temp\tmpBAE7.tmp --------- 17540  
 29.08.2010 13:15     C:\Users\COOL16\AppData\Local\Temp\tmpBAE6.xml --------- 0  
 29.08.2010 13:15     C:\Users\COOL16\AppData\Local\Temp\tmpBAE6.tmp --------- 0  
 29.08.2010 13:03     C:\Users\COOL16\AppData\Local\Temp\{11648116-65c8-4e2f-91b3-4578dd459344} --------- 0  
 29.08.2010 07:58     C:\Users\COOL16\AppData\Local\Temp\plugtmp --------- 0  
 24.08.2010 18:13     C:\Users\COOL16\AppData\Local\Temp\Temp1_pointofix150de-20090312-setup.zip --------- 0  
 24.08.2010 17:38     C:\Users\COOL16\AppData\Local\Temp\Temp1_Pivot.zip --------- 0  
 19.08.2010 17:36     C:\Users\COOL16\AppData\Local\Temp\Windows Live Toolbar --------- 0  
 17.08.2010 05:48     C:\Users\COOL16\AppData\Local\Temp\180992.od --------- 134  
 17.08.2010 05:48     C:\Users\COOL16\AppData\Local\Temp\CVRC293.tmp.cvr --------- 0  
 14.08.2010 06:48     C:\Users\COOL16\AppData\Local\Temp\DWDD7D9.tmp --------- 0  
 14.08.2010 06:48     C:\Users\COOL16\AppData\Local\Temp\WERB51C.tmp.appcompat.txt --------- 9902  
 14.08.2010 06:48     C:\Users\COOL16\AppData\Local\Temp\WERA0D0.tmp.version.txt --------- 476  
 13.08.2010 13:41     C:\Users\COOL16\AppData\Local\Temp\7671271.od --------- 134  
 13.08.2010 13:41     C:\Users\COOL16\AppData\Local\Temp\7671271.cvr --------- 3016  
 13.08.2010 12:06     C:\Users\COOL16\AppData\Local\Temp\2027903.od --------- 134  
 13.08.2010 12:06     C:\Users\COOL16\AppData\Local\Temp\CVRF17F.tmp.cvr --------- 0  
 11.08.2010 05:51     C:\Users\COOL16\AppData\Local\Temp\1167137.od --------- 134  
 11.08.2010 05:51     C:\Users\COOL16\AppData\Local\Temp\CVRCF21.tmp.cvr --------- 0  
 10.08.2010 19:13     C:\Users\COOL16\AppData\Local\Temp\15142673.od --------- 134  
 10.08.2010 19:13     C:\Users\COOL16\AppData\Local\Temp\15142658.cvr --------- 2744  
 10.08.2010 19:09     C:\Users\COOL16\AppData\Local\Temp\14905755.od --------- 134  
 10.08.2010 19:09     C:\Users\COOL16\AppData\Local\Temp\CVR719B.tmp.cvr --------- 0  
 10.08.2010 17:41     C:\Users\COOL16\AppData\Local\Temp\msohtmlclip --------- 0  
 08.08.2010 13:48     C:\Users\COOL16\AppData\Local\Temp\l3mvihkz.bmp --------- 774454  
 06.08.2010 12:28     C:\Users\COOL16\AppData\Local\Temp\~e5.0001 --------- 73276  
 31.07.2010 07:44     C:\Users\COOL16\AppData\Local\Temp\WER6E9C.tmp.hdmp --------- 204919275  
 31.07.2010 07:44     C:\Users\COOL16\AppData\Local\Temp\WER6E8C.tmp.appcompat.txt --------- 5848  
 31.07.2010 07:44     C:\Users\COOL16\AppData\Local\Temp\WER6E4C.tmp.version.txt --------- 476  
 18.07.2010 12:23     C:\Users\COOL16\AppData\Local\Temp\gvog2r8z.bmp --------- 397542  
 18.07.2010 12:22     C:\Users\COOL16\AppData\Local\Temp\4mw718yt.bmp --------- 1920054  
 18.07.2010 07:46     C:\Users\COOL16\AppData\Local\Temp\OIS --------- 0  
 18.07.2010 07:46     C:\Users\COOL16\AppData\Local\Temp\TWAIN.LOG --------- 711  
 18.07.2010 07:39     C:\Users\COOL16\AppData\Local\Temp\Twain001.Mtx --------- 2  
 18.07.2010 07:39     C:\Users\COOL16\AppData\Local\Temp\Twunk001.MTX --------- 156  
 18.07.2010 07:39     C:\Users\COOL16\AppData\Local\Temp\Twunk002.MTX --------- 0  
 18.07.2010 07:34     C:\Users\COOL16\AppData\Local\Temp\jr4k54um.bmp --------- 414454  
 11.07.2010 09:48     C:\Users\COOL16\AppData\Local\Temp\~fm897A.tmp --------- 4376  
 11.07.2010 09:48     C:\Users\COOL16\AppData\Local\Temp\~ft8979.tmp --------- 14592  
 11.07.2010 09:48     C:\Users\COOL16\AppData\Local\Temp\~hm8969.tmp --------- 34920  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~fmFD7E.tmp --------- 26540  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~ftFD7D.tmp --------- 48945  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~hmFD6C.tmp --------- 34920  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~btB831.tmp --------- 5509  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~ttB830.tmp --------- 6700  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~fmB82F.tmp --------- 30568  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~ftB81F.tmp --------- 79414  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~hmB81E.tmp --------- 34920  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~fm77A4.tmp --------- 4445  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~ft77A3.tmp --------- 9050  
 11.07.2010 09:47     C:\Users\COOL16\AppData\Local\Temp\~hm77A2.tmp --------- 34920  
 11.07.2010 08:31     C:\Users\COOL16\AppData\Local\Temp\CLWBD18.tmp --------- 2996  
 11.07.2010 08:31     C:\Users\COOL16\AppData\Local\Temp\WCBD17.tmp --------- 0  
 08.07.2010 13:27     C:\Users\COOL16\AppData\Local\Temp\MapError.html --------- 655  
 07.07.2010 11:32     C:\Users\COOL16\AppData\Local\Temp\QTInstallCode.log --------- 840  
 06.07.2010 17:54     C:\Users\COOL16\AppData\Local\Temp\4991938.od --------- 134  
 06.07.2010 17:54     C:\Users\COOL16\AppData\Local\Temp\CVR2BC2.tmp.cvr --------- 0  
 06.07.2010 17:53     C:\Users\COOL16\AppData\Local\Temp\CVR79A3.tmp.cvr --------- 1672  
 06.07.2010 17:53     C:\Users\COOL16\AppData\Local\Temp\4880803.od --------- 134  
 06.07.2010 17:42     C:\Users\COOL16\AppData\Local\Temp\CVR731D.tmp.cvr --------- 1576  
 06.07.2010 17:42     C:\Users\COOL16\AppData\Local\Temp\4223773.od --------- 134  
 05.07.2010 20:43     C:\Users\COOL16\AppData\Local\Temp\hsperfdata_COOL16 --------- 0  
 05.07.2010 18:16     C:\Users\COOL16\AppData\Local\Temp\tmp~00000.tmp --------- 0  
 05.07.2010 08:46     C:\Users\COOL16\AppData\Local\Temp\VBE --------- 0  
 04.07.2010 14:28     C:\Users\COOL16\AppData\Local\Temp\MessengerCache --------- 0  
 23.06.2010 07:40     C:\Users\COOL16\AppData\Local\Temp\DWD65C6.tmp --------- 0  
 23.06.2010 07:40     C:\Users\COOL16\AppData\Local\Temp\WER63B2.tmp.appcompat.txt --------- 253312  
 23.06.2010 07:40     C:\Users\COOL16\AppData\Local\Temp\WER55FB.tmp.version.txt --------- 476  
 05.06.2010 11:54     C:\Users\COOL16\AppData\Local\Temp\insBF59.tmp --------- 473933  
 02.06.2010 11:44     C:\Users\COOL16\AppData\Local\Temp\par-COOL16 --------- 0  
 02.06.2010 11:43     C:\Users\COOL16\AppData\Local\Temp\GeoSetter.log --------- 0  
 01.06.2010 17:05     C:\Users\COOL16\AppData\Local\Temp\JET3957.tmp --------- 0  
 30.05.2010 13:09     C:\Users\COOL16\AppData\Local\Temp\~f1d055.tmp --------- 46592  
 30.05.2010 11:43     C:\Users\COOL16\AppData\Local\Temp\YouCam --------- 0  
 21.05.2010 14:08     C:\Users\COOL16\AppData\Local\Temp\Digital_Foto_Maker --------- 0  
 20.05.2010 17:45     C:\Users\COOL16\AppData\Local\Temp\DWD36EC.tmp --------- 0  
 20.05.2010 17:45     C:\Users\COOL16\AppData\Local\Temp\WER3611.tmp.appcompat.txt --------- 9902  
 20.05.2010 17:45     C:\Users\COOL16\AppData\Local\Temp\WER2CBD.tmp.version.txt --------- 476  
 19.05.2010 16:00     C:\Users\COOL16\AppData\Local\Temp\Adobe --------- 0  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll10.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll13.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll14.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll15.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll12.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll11.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll1.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll2.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll3.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll4.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll5.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll6.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll7.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll8.dll --------- 90112  
 01.10.2007 15:55     C:\Users\COOL16\AppData\Local\Temp\skydll9.dll --------- 90112  
----------------------------------------

 
C:\Program Files

 25.12.2010 20:40     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 15.12.2010 18:09     C:\Program Files\Windows Mail --------- 4096  
 15.12.2010 18:09     C:\Program Files\Internet Explorer --------- 4096  
 15.12.2010 18:02     C:\Program Files\Microsoft Works --------- 24576  
 13.12.2010 10:20     C:\Program Files\InstallShield Installation Information --------- 0  
 13.12.2010 10:17     C:\Program Files\Windows Live --------- 4096  
 13.12.2010 10:06     C:\Program Files\Monte Cristo --------- 0  
 13.12.2010 09:19     C:\Program Files\Modellbahn-Planer --------- 0  
 12.12.2010 18:55     C:\Program Files\sixteen tons entertainment --------- 0  
 12.12.2010 18:11     C:\Program Files\IObit --------- 0  
 08.12.2010 15:38     C:\Program Files\PDFCreator --------- 4096  
 05.12.2010 13:18     C:\Program Files\YouTube Downloader --------- 0  
 24.11.2010 15:33     C:\Program Files\Firefly Studios --------- 0  
 17.11.2010 16:43     C:\Program Files\Samsung --------- 0  
 15.11.2010 18:01     C:\Program Files\Microsoft.NET --------- 0  
 08.11.2010 17:26     C:\Program Files\PhotoScape --------- 0  
 06.11.2010 16:41     C:\Program Files\RTL --------- 0  
 31.10.2010 13:30     C:\Program Files\eBay --------- 0  
 15.10.2010 17:30     C:\Program Files\Windows Media Player --------- 4096  
 30.09.2010 14:24     C:\Program Files\Microsoft Silverlight --------- 4096  
 29.08.2010 13:10     C:\Program Files\Microsoft --------- 0  
 29.08.2010 11:40     C:\Program Files\Maxis --------- 0  
 24.08.2010 18:12     C:\Program Files\MWSnap --------- 0  
 24.08.2010 18:11     C:\Program Files\KompoZer --------- 0  
 24.08.2010 17:40     C:\Program Files\Pivot Stickfigure Animator --------- 0  
 14.08.2010 10:29     C:\Program Files\Microsoft Games for Windows - LIVE --------- 0  
 14.08.2010 10:28     C:\Program Files\AGEIA Technologies --------- 12288  
 14.08.2010 10:10     C:\Program Files\LucasArts --------- 0  
 12.08.2010 17:21     C:\Program Files\Movie Maker --------- 4096  
 18.07.2010 18:36     C:\Program Files\ophcrack --------- 0  
 07.07.2010 12:38     C:\Program Files\Audacity 1.3 Beta (Unicode) --------- 4096  
 07.07.2010 11:39     C:\Program Files\iTunes --------- 4096  
 07.07.2010 11:38     C:\Program Files\iPod --------- 0  
 07.07.2010 11:37     C:\Program Files\QuickTime --------- 4096  
 07.07.2010 11:35     C:\Program Files\Apple Software Update --------- 4096  
 07.07.2010 11:33     C:\Program Files\Bonjour --------- 4096  
 07.07.2010 11:33     C:\Program Files\Common Files --------- 4096  
 05.07.2010 20:26     C:\Program Files\Mozilla Firefox --------- 12288  
 05.07.2010 17:22     C:\Program Files\Skype --------- 0  
 04.07.2010 14:25     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 26.04.2010 19:02     C:\Program Files\Feuerwehr 3D --------- 4096  
 26.04.2010 18:59     C:\Program Files\Ubi Soft Games --------- 0  
 14.04.2010 11:34     C:\Program Files\Fälscherwerkstatt 5 --------- 4096  
 05.04.2010 13:06     C:\Program Files\ParentsFriend --------- 0  
 05.04.2010 12:33     C:\Program Files\Adobe --------- 0  
 05.04.2010 12:19     C:\Program Files\Analyse2 --------- 4096  
 07.03.2010 14:38     C:\Program Files\LEGO Media --------- 0  
 17.02.2010 16:39     C:\Program Files\Avira --------- 0  
 17.02.2010 16:17     C:\Program Files\Windows Portable Devices --------- 0  
 31.12.2009 09:41     C:\Program Files\MAGIX --------- 4096  
 24.12.2009 20:55     C:\Program Files\Microsoft Games --------- 4096  
 06.12.2009 18:06     C:\Program Files\Uninstall Information --------- 0  
 22.11.2009 13:19     C:\Program Files\Kiribati --------- 0  
 25.10.2009 15:47     C:\Program Files\Windows Calendar --------- 0  
 25.10.2009 15:47     C:\Program Files\Windows Sidebar --------- 4096  
 25.10.2009 15:47     C:\Program Files\Windows Collaboration --------- 0  
 25.10.2009 15:47     C:\Program Files\Windows Journal --------- 0  
 25.10.2009 15:47     C:\Program Files\Windows Photo Gallery --------- 4096  
 25.10.2009 15:47     C:\Program Files\Windows Defender --------- 4096  
 14.10.2009 15:30     C:\Program Files\directx --------- 0  
 27.09.2009 08:19     C:\Program Files\Atari --------- 0  
 25.08.2009 15:19     C:\Program Files\MainConcept --------- 0  
 03.08.2009 16:48     C:\Program Files\Hewlett-Packard --------- 4096  
 29.07.2009 09:12     C:\Program Files\PHILIPS --------- 0  
 14.07.2009 13:22     C:\Program Files\EA SPORTS --------- 0  
 16.06.2009 09:48     C:\Program Files\Rockstar Games --------- 0  
 05.04.2009 08:52     C:\Program Files\Sierra On-Line --------- 0  
 04.04.2009 10:46     C:\Program Files\ProtectDisc Driver Installer --------- 0  
 08.02.2009 16:57     C:\Program Files\Crazy Machines II --------- 4096  
 08.02.2009 16:53     C:\Program Files\OpenAL --------- 0  
 03.02.2009 17:23     C:\Program Files\Spiele --------- 0  
 03.02.2009 17:22     C:\Program Files\CAD-KAS Heli Flight --------- 4096  
 01.12.2008 16:13     C:\Program Files\MSXML 4.0 --------- 0  
 01.12.2008 15:07     C:\Program Files\Online Services --------- 0  
 01.12.2008 15:07     C:\Program Files\AIM6 --------- 8192  
 01.12.2008 15:07     C:\Program Files\Viewpoint --------- 0  
 01.12.2008 15:00     C:\Program Files\Gemeinsame Dateien --------- 0  
 01.12.2008 15:00     C:\Program Files\Windows NT --------- 4096  
 19.09.2008 00:52     C:\Program Files\CyberLink --------- 4096  
 19.09.2008 00:22     C:\Program Files\Intel --------- 0  
 19.09.2008 00:19     C:\Program Files\Realtek --------- 0  
 19.09.2008 00:19     C:\Program Files\IDT --------- 4096  
 19.09.2008 00:16     C:\Program Files\Synaptics --------- 0  
 02.07.2008 09:03     C:\Program Files\Java --------- 4096  
 02.07.2008 09:00     C:\Program Files\HP --------- 4096  
 02.07.2008 08:41     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 8192  
 02.07.2008 08:40     C:\Program Files\Microsoft Office --------- 4096  
 02.07.2008 08:16     C:\Program Files\HP Games --------- 12288  
 21.01.2008 03:43     C:\Program Files\desktop.ini --------- 174  
 02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
 02.11.2006 13:37     C:\Program Files\MSBuild --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

COOL16    
Jonas    
Public    
Gast    
Tino Wiede    
sound    
Bilder    
level    
Default    
desktop.ini    
Default User    
All Users    
BREAKOUT.exe    
DEMO.EXE    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        24.156 K
smss.exe                       456 Services                   0           620 K
csrss.exe                      592 Services                   0         6.192 K
wininit.exe                    644 Services                   0         3.484 K
csrss.exe                      656 Console                    1        11.688 K
services.exe                   688 Services                   0         7.140 K
lsass.exe                      700 Services                   0         1.924 K
lsm.exe                        708 Services                   0         3.632 K
svchost.exe                    864 Services                   0         7.988 K
nvvsvc.exe                     928 Services                   0         2.988 K
svchost.exe                    956 Services                   0         6.280 K
svchost.exe                   1012 Services                   0        40.996 K
svchost.exe                   1044 Services                   0        13.352 K
svchost.exe                   1076 Services                   0       101.840 K
svchost.exe                   1108 Services                   0        70.220 K
stacsv.exe                    1132 Services                   0         5.292 K
winlogon.exe                  1196 Console                    1         5.148 K
audiodg.exe                   1240 Services                   0        22.588 K
svchost.exe                   1356 Services                   0         4.012 K
SLsvc.exe                     1372 Services                   0         6.324 K
svchost.exe                   1404 Services                   0        10.752 K
hpservice.exe                 1484 Services                   0         4.156 K
svchost.exe                   1524 Services                   0        18.728 K
rundll32.exe                  1812 Console                    1         5.948 K
spoolsv.exe                   1964 Services                   0         8.392 K
svchost.exe                   2000 Services                   0        19.480 K
AEstSrv.exe                    940 Services                   0         1.452 K
AppleMobileDeviceService.      636 Services                   0         4.072 K
mDNSResponder.exe             1328 Services                   0         4.740 K
IAANTmon.exe                  1536 Services                   0         5.508 K
LSSrvc.exe                    1696 Services                   0         3.264 K
svchost.exe                   1496 Services                   0         4.584 K
QPCapSvc.exe                  2060 Services                   0        10.316 K
QPSched.exe                   2108 Services                   0         6.304 K
BLService.exe                 2160 Services                   0         4.200 K
RichVideo.exe                 2196 Services                   0         3.724 K
svchost.exe                   2232 Services                   0         5.304 K
svchost.exe                   2268 Services                   0         3.280 K
WLIDSVC.EXE                   2308 Services                   0         8.760 K
SearchIndexer.exe             2352 Services                   0        17.788 K
WLIDSVCM.EXE                  2612 Services                   0         2.512 K
dwm.exe                       3168 Console                    1         5.536 K
taskeng.exe                   3212 Console                    1        14.024 K
explorer.exe                  3224 Console                    1        50.744 K
SynTPEnh.exe                  3480 Console                    1         7.912 K
IAAnotif.exe                  3492 Console                    1         6.100 K
QPService.exe                 3540 Console                    1        14.032 K
MSASCui.exe                   3592 Console                    1        16.520 K
QLBCTRL.exe                   3648 Console                    1         7.924 K
HPKBDAPP.exe                  3660 Console                    1         6.804 K
hpwuSchd2.exe                 3684 Console                    1         3.960 K
HPWAMain.exe                  3692 Console                    1         6.484 K
jusched.exe                   3716 Console                    1         4.304 K
sttray.exe                    3804 Console                    1         8.652 K
rundll32.exe                  3868 Console                    1         5.380 K
iTunesHelper.exe              3956 Console                    1         9.284 K
sidebar.exe                   3964 Console                    1        29.740 K
LightScribeControlPanel.e     4012 Console                    1         7.756 K
Skype.exe                     2176 Console                    1        58.464 K
ehtray.exe                    1884 Console                    1         2.856 K
ONENOTEM.EXE                  2716 Console                    1         2.556 K
ehmsas.exe                    2692 Console                    1         5.888 K
taskeng.exe                   3580 Services                   0         5.640 K
skypePM.exe                   2168 Console                    1        17.384 K
hpqwmiex.exe                  2872 Services                   0         5.080 K
WmiPrvSE.exe                  3940 Services                   0         6.348 K
iPodService.exe               2276 Services                   0         5.096 K
Com4QLBEx.exe                 4420 Services                   0         3.624 K
WiFiMsg.exe                   4428 Console                    1         5.080 K
HpqToaster.exe                4476 Console                    1         7.536 K
SynTPHelper.exe               4608 Console                    1         2.600 K
unsecapp.exe                  5344 Console                    1         6.480 K
HPHC_Service.exe              5848 Services                   0        12.536 K
homeDVD-Filme.exe             4384 Console                    1       142.648 K
avguard.exe                   3244 Services                   0        24.600 K
avshadow.exe                  2364 Services                   0         6.036 K
sched.exe                     4348 Services                   0         1.216 K
avgnt.exe                     5064 Console                    1         2.240 K
sdclt.exe                     5016 Console                    1        10.384 K
svchost.exe                   2080 Services                   0         6.896 K
conime.exe                    3680 Console                    1         5.336 K
mbam.exe                      4964 Console                    1        98.616 K
firefox.exe                   6136 Console                    1        80.316 K
plugin-container.exe          4596 Console                    1        14.904 K
cmd.exe                       5652 Console                    1         6.524 K
SearchProtocolHost.exe        5816 Services                   0         5.688 K
SearchFilterHost.exe          5328 Services                   0         4.400 K
dllhost.exe                   3392 Console                    1         5.728 K
tasklist.exe                  5168 Console                    1         6.108 K
WmiPrvSE.exe                  4252 Services                   0         5.760 K

 
***** Ende des Scans 25.12.2010 um 21:13:59,66 ***
         

Please help me

Regards, Jonas

Alt 26.12.2010, 19:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Alt 26.12.2010, 20:49   #3
joniboy@gmx.
 



otl text

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.12.2010 21:43:12 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = c:\Users\COOL16\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,92 Gb Total Space | 42,45 Gb Free Space | 18,96% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,06 Gb Free Space | 11,81% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.26 13:23:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\COOL16\Desktop\Downloads\OTL.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.11 16:24:26 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.06.26 09:43:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.06.26 09:43:35 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.01.12 17:16:02 | 014,041,088 | ---- | M] (MAGIX AG) -- C:\Programme\MAGIX\Filme_auf_DVD_TerraTec_deluxe_Edition\homeDVD-Filme.exe
PRC - [2008.04.15 19:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe
PRC - [2008.04.15 19:17:24 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.04.15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 16:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.26 14:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.02.22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008.02.12 21:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.26 13:23:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\COOL16\Desktop\Downloads\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.11 16:24:26 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.04.15 19:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe -- (STacSV)
SRV - [2008.04.15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.26 14:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.12 21:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.14 15:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2010.12.25 18:56:32 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.11 16:24:42 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009.07.15 11:21:14 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.14 17:00:26 | 000,009,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2009.01.14 17:00:26 | 000,009,560 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2009.01.14 17:00:25 | 000,175,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2008.09.24 08:27:22 | 000,443,920 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SkyNETU2.sys -- (SKYNETU2)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.23 04:29:00 | 007,494,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.23 04:29:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.15 19:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.15 11:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.01 12:14:10 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.27 11:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 11:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.18 12:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.08.13 03:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.07.11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006.01.07 12:09:50 | 000,007,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Samhid.sys -- (samhid)
DRV - [2005.04.14 13:12:32 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.04.04 11:43:22 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 16:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.07 11:37:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.11 08:32:30 | 000,000,000 | ---D | M]
 
[2010.07.05 20:26:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_TerraTec_deluxe_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDViewer/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e591183c-bf9e-11dd-bb4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e591183c-bf9e-11dd-bb4c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.25 20:41:00 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Malwarebytes
[2010.12.25 20:40:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.25 20:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.25 20:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.25 20:40:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.15 14:33:36 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 14:33:34 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 14:33:33 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 14:33:33 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 14:33:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 14:33:29 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 14:33:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 14:33:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 14:33:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 14:33:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 14:33:25 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 14:33:25 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 14:33:25 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 14:33:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 14:33:25 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 14:33:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 14:33:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 14:33:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 14:33:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 14:33:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 14:33:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 14:33:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 14:33:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 14:33:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 14:33:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 14:33:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.13 12:55:23 | 000,506,368 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2010.12.12 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\IObit
[2010.12.12 18:11:46 | 000,000,000 | ---D | C] -- C:\Programme\IObit
[2010.12.08 15:36:05 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.12.08 15:36:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2010.12.08 15:36:01 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2010.12.08 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\UDC Profiles
[2010.12.08 14:40:21 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Documents\UDC Output Files
[2010.12.05 13:18:37 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
[2010.12.04 13:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.12.02 10:36:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlntsess.exe
[2010.12.02 10:36:21 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\telnet.exe
[2010.11.30 20:16:46 | 000,000,000 | ---D | C] -- C:\COOL16
[2010.11.30 20:11:07 | 000,000,000 | ---D | C] -- C:\joniboy@gmx.de
[2010.11.30 14:04:25 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.11.30 14:04:25 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.26 21:23:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.26 21:23:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.26 19:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.26 19:57:51 | 000,042,142 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.26 19:57:51 | 000,042,142 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.26 10:50:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.26 10:50:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.26 10:50:10 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.26 10:50:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 09:24:05 | 000,001,431 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.12.26 09:23:46 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010.12.26 09:23:23 | 3216,236,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 18:56:32 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.15 18:16:17 | 000,334,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.13 09:56:35 | 000,000,251 | ---- | M] () -- C:\Windows\SIERRA.INI
[2010.12.13 09:19:01 | 000,000,025 | ---- | M] () -- C:\Windows\WININIT.INI
[2010.12.12 18:11:54 | 000,000,135 | ---- | M] () -- C:\Users\Jonas\Desktop\IObit Freeware.url
[2010.12.11 16:24:42 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.03 15:31:58 | 356,616,753 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.01 14:11:34 | 000,000,862 | ---- | M] () -- C:\Windows\System32\termcap
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.13 09:19:01 | 000,000,025 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.12.12 18:11:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010.12.12 18:11:54 | 000,000,135 | ---- | C] () -- C:\Users\Jonas\Desktop\IObit Freeware.url
[2010.12.08 15:36:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.01 14:11:35 | 000,000,862 | ---- | C] () -- C:\Windows\System32\termcap
[2010.11.17 16:41:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.17 16:41:37 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.08.29 11:37:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.03.19 13:28:16 | 000,000,114 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\wklnhst.dat
[2010.03.07 14:38:55 | 000,000,253 | ---- | C] () -- C:\Windows\Creator.INI
[2009.11.27 14:07:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2009.11.22 13:19:53 | 000,350,208 | ---- | C] () -- C:\Windows\System32\Rivet200.dll
[2009.10.25 10:13:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.29 09:12:20 | 000,839,680 | ---- | C] () -- C:\Windows\System32\FDRpage.dll
[2009.07.29 09:12:20 | 000,007,548 | ---- | C] () -- C:\Windows\System32\drivers\Samhid.sys
[2009.04.28 13:14:20 | 000,007,592 | ---- | C] () -- C:\Users\Jonas\AppData\Local\d3d9caps.dat
[2009.04.04 10:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.04.04 10:35:07 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.04.04 10:34:10 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.08 07:14:44 | 000,000,251 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.12.27 20:44:30 | 000,017,089 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\UserTile.png
[2008.12.27 13:00:13 | 000,031,744 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.01 15:11:01 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\QSwitch.txt
[2008.12.01 15:11:01 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DSwitch.txt
[2008.12.01 15:11:01 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\AtStart.txt
[2008.09.19 00:47:41 | 000,042,142 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.19 00:47:41 | 000,042,142 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997.11.10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.06.24 14:01:25 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\acccore
[2010.04.21 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AntiBrowserSpy 2009
[2010.04.21 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GeoSetter
[2010.12.12 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\IObit
[2010.08.24 18:11:19 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\KompoZer
[2010.12.13 10:12:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MAGIX
[2009.02.01 07:24:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\PeerNetworking
[2010.11.08 17:38:06 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\PhotoScape
[2009.04.04 10:46:45 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ProtectDisc
[2010.12.13 10:04:58 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Samsung
[2010.03.19 13:28:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Template
[2010.12.08 14:41:09 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\UDC Profiles
[2008.12.26 07:49:45 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\WildTangent
[2010.12.26 09:23:46 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010.12.25 22:04:16 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:8C35AEA7

< End of report >
         
--- --- ---

otl extra

OTL Logfile:
Code:
OTL Extras logfile created on: 26.12.2010 21:43:12 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = c:\Users\COOL16\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,92 Gb Total Space | 42,45 Gb Free Space | 18,96% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,06 Gb Free Space | 11,81% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02499017-849B-41E0-8525-E92B5E8343FB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{02C355F0-0B48-40A0-90AB-0F7FA7FDCCD0}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{0D9D85D7-2AD8-49C4-90EB-D5CE70069804}" = rport=138 | protocol=17 | dir=out | app=system | 
"{12F8328B-7DB7-40D2-A466-272B6E697765}" = rport=445 | protocol=6 | dir=out | app=system | 
"{18A8DB86-2F98-4F72-A992-EA0225949B7D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{18AB20E2-0FAF-445F-94AE-8AD1E6340C15}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{1BC2AD3E-F295-44D6-8FCF-D67FC91CE1DD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22DBA032-A0AD-423E-A1EB-7BFD0D903384}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3AD5AE92-8768-4A4A-B9B6-9618ECFBC6DD}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{3CBB8CD5-53D3-42AE-A510-83B47BBA0A10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44B32459-D34E-450A-95D9-68C6A07EB37A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{4ED46133-4DCC-483A-B687-5B57AE193D68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{54911171-6AF5-4B66-B683-23C1E479290F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{6012B4D6-683E-4DEB-A2D1-B3D49994BABB}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{612C0509-793F-46F0-844A-18B85D9395D1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62371886-AB50-49AF-B4A4-283A19DC46A9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{62381282-E9BE-4B9D-8FC1-A027B8CB7D84}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{666B5D05-9142-452E-B176-0B0A15A0278E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6D0E7FEF-0D5F-4780-935B-10E0C1F49D15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{7CC0241D-A50A-41D7-BD6C-53859A59ADF0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{828F7606-0289-470B-BCFA-80E92CAF785E}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{849B4973-AD0B-41E8-AD66-F2BB019AE689}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8D2B25AB-6C63-4D00-97CC-6B99A85ECDCC}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{8EF4C1E3-9ACA-452E-9AE4-B3F28FDDE8D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9ABD7D27-2943-4DE2-89FA-DD75B8DB2346}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{9B81A2DB-2ED3-4E16-958D-9F9A35B7F93C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9C694A6D-A0E7-4EBA-BD14-A8C00A9BCDF0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{9D04446E-E886-4165-9BFC-6BC649ED55EC}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{A03EE864-86A8-464D-A3DE-85F997021DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{A331E3F9-EFA2-4EBA-864A-97193971B84D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AA7097F7-AC39-4197-A69C-7A44FD78A215}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AAF1D22D-1CF4-4D0D-92C9-7C23B85D0584}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{ADE22A60-AD6A-4BCB-AB33-546CE603F323}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF79DA47-933A-49E7-8345-71214402747A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C0CC9B0B-26C7-4FA0-A186-35D288A5A5B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C5FF427C-61A7-451A-9C03-07A5029A9F85}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C743E0B8-E5B6-4F1E-826A-B2AF755E7B42}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{D1C6FC71-859E-4783-B436-2EFEA7024791}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D3964630-78A2-41D2-93DB-FEBD2403B9A8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{D5FF4C42-0BAC-41E6-86C2-DCAD4E9BD5E5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{D6F9642D-2024-44D2-8BB1-5F580B7D0274}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{DB7DA709-8503-40D3-9F33-1789176F6D03}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{DE55CDD9-91F1-4B20-B906-A4A184DF0597}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{E1B6D4F9-D4E8-4A61-A5B5-E10FC2765CE8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{EB1FEB95-4386-4153-9375-0147B63176F3}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{F560B6DA-9FA2-4298-84C3-FA3C5F3595B4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FC001300-45D8-4447-9841-5E9395E0B8E2}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C684A2-FFDC-46C7-96B9-08710E164EDF}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{04FA1BF0-0762-4DDA-A190-71705526BF63}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{05015F04-9E1B-427F-B4E6-0016AF6B4A3A}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{06353EE7-698F-4B10-8FB0-7886C4B5C221}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{075167A4-DA7B-46EB-A48B-7E52002276AF}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{0919A9EA-F041-42DB-974E-4E15948265FA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{113FDD35-D6FE-400F-9CC1-8582E2E520C1}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{11D23946-E06E-421A-A738-F485306C2A98}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{198B3528-4214-43E8-9C67-50D486FD59E5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{1A1FFC6A-D250-47FC-912E-E46B207B9559}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21B39FF8-210E-4CA1-BF65-563FC02DA775}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{2241E50B-807B-4B68-8840-B0ECA1A6BCCD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{241BD80A-FE7E-41BB-988C-F0C51DCDE459}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{26AE1204-DE54-4BF0-A49D-03EE9104F9A1}" = protocol=17 | dir=in | app=c:\program files\youtube downloader\youtubedownloader.exe | 
"{2CE3F693-E1B5-4607-A3D3-B7C269C9F106}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{2D103B3F-BF12-4F86-85F1-BE3F0ED41A74}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{2FC616A3-0BCD-4071-B8AB-185F7E742DB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3424796C-3335-4ADC-A5A3-7C93351465CF}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{34E7E0CF-8714-48B9-933F-2E37BA04DB11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3CD3DF58-B533-48FD-A90E-B7FC28CF0C1C}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{41C79011-F9F1-4353-B010-C1D21A0B8C90}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{4720A62F-29B7-431F-98C7-EFF855FD3184}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{47CDD7EF-E75B-48FC-99F8-8571D7EC8DB4}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{4DC6B6BA-C4CE-4A1D-B1FF-CC0CC67A77DE}" = protocol=6 | dir=in | app=c:\program files\youtube downloader\youtubedownloader.exe | 
"{4E97B135-EA30-4503-93B0-6FB251994546}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{4E9F6DED-A37B-4B30-A0E3-594D49888C9A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{520C11ED-DC42-48C1-B767-14D825485CF0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5375EF57-FA49-46D2-8D26-8AEFF09C4A04}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{57275DFC-ACEE-41A2-9DE0-C5A83A162C4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5EEFD946-1A38-48B2-AD7E-221131FA7A11}" = protocol=6 | dir=out | app=system | 
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{6395B52F-97F6-48BA-BC49-116FADE651FF}" = protocol=6 | dir=in | app=c:\program files\lucasarts\republic heroes\republic heroes.exe | 
"{67E98D67-7183-45E9-A7EF-70C27AA47CF6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{726340D5-B443-47F3-936B-A7FDAD5FB16A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{74B4529E-D85B-4A31-B52A-48DAA1A91932}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{7BE843D6-3455-42AA-8EA1-B00BF282BA81}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{7C591A36-E110-4669-ACF9-F090DBE12DD5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{98908B50-2FC6-4DCB-9ED4-121E9B89B98E}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{9BBA9080-EF6D-458A-96A2-9D044DC893C4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{A256A461-F5DB-47D3-A63A-8237F3B1CD04}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A619F510-808A-4100-B717-241278A59F9A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A6ED2361-6AE3-43DF-83EA-E0384FFEFFF3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{B879747C-0B06-4FD5-8E50-F6CEADA447AB}" = protocol=17 | dir=in | app=c:\program files\lucasarts\republic heroes\republic heroes.exe | 
"{BB12845C-09D2-4698-B5F0-B7769E27C0F6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{C5A77039-676B-49BE-9AC4-3DF62EDC1183}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC580616-E09B-4470-A59F-62D254E5BE33}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{CC721FD9-A8F0-4F75-973F-C4B950CC1B8C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{CE0048FD-2A99-4DB4-BD9E-0870CFAA515C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D414051F-8B77-41F0-880A-15164710ECE0}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{DB0744A7-8D51-4E43-96F8-3872B829D009}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{DD990596-8459-46DF-9E27-592E9E3281C4}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E859568A-E86C-4B78-BCB6-C1E0615FE610}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{EC1544C9-C8B6-4C4E-A6BD-ABBE3F4CC2BE}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F726AE68-7DD8-4010-BD10-F6B57E49ED02}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{F76E17F6-BE08-4A4E-8425-3EDB23EF9EC3}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"TCP Query User{004AA3EF-EB62-411C-AC2A-1D11CDCF2C12}C:\program files\dvbviewerte\skystarir.exe" = protocol=6 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
"TCP Query User{022EBE67-46DC-41E0-836A-FB5851F4173A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{628BEAE5-3489-4710-94BD-758A0CEF82EF}C:\program files\ea sports\madden nfl 2003\mainapp.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\madden nfl 2003\mainapp.exe | 
"TCP Query User{676F6349-3A83-4A23-A8E9-5D12823217FF}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{71440556-E604-4E8A-A151-E5D9223B0A44}C:\program files\sixteen tons entertainment\gotcha!\gotcha.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\gotcha!\gotcha.exe | 
"TCP Query User{782C6A97-9AB3-4204-AFEE-50D6F59E047B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{79F856F9-7852-46EA-A96B-BA67F8BF5C48}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{9DCF70E7-72EE-49D9-9182-14B3E1B335C5}C:\program files\dvbviewerte\skystarir.exe" = protocol=6 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
"TCP Query User{A11B585B-E8CD-4298-96B2-DEDD68C70514}C:\program files\atari\boiling point\xenus.exe" = protocol=6 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"TCP Query User{BEDBA371-1412-4AB6-B63E-20F1A5A948F6}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C71DFC67-DF40-46CA-9114-7D56629B2CC0}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe | 
"TCP Query User{CF0FD2B7-C6F2-494C-952A-9BE94B7ABE82}C:\program files\atari\boiling point\xenus.exe" = protocol=6 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"TCP Query User{E9B36B28-0E39-48E6-A48D-230E98533F11}C:\program files\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"TCP Query User{F9222665-CAD7-4933-B65E-3771909A552D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{0A1225AB-D1A7-42EB-B55B-622049DD7490}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{18615AD8-825C-4A5E-9B08-A5FCBCC99B5F}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{21355171-4063-47BB-AEB1-4B120819B7C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{34204FBE-41AF-4623-8B97-ACD6761303F7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{4AA18F18-C521-4A87-ACE2-8F411C2052C2}C:\program files\sixteen tons entertainment\gotcha!\gotcha.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\gotcha!\gotcha.exe | 
"UDP Query User{77A28DDE-2285-48FC-9001-C750E2ABC69F}C:\program files\atari\boiling point\xenus.exe" = protocol=17 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"UDP Query User{8BD64EF8-84FB-4A0D-9614-A3F22D8C85D3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{98DE6394-A078-4049-9BC1-C20B699EC9FB}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe | 
"UDP Query User{B210F71E-9C87-435F-882E-4475875B8A05}C:\program files\ea sports\madden nfl 2003\mainapp.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\madden nfl 2003\mainapp.exe | 
"UDP Query User{BD2EEA9C-3A97-41D3-B56F-626CE785DEBF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{C04135A9-F2BC-4DBB-A668-7798408ECB7B}C:\program files\dvbviewerte\skystarir.exe" = protocol=17 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
"UDP Query User{C60B508B-8301-47CB-8F21-624CBF133CC9}C:\program files\atari\boiling point\xenus.exe" = protocol=17 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"UDP Query User{D17D6536-31BB-4113-8EB4-3689490B466C}C:\program files\dvbviewerte\skystarir.exe" = protocol=17 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
"UDP Query User{E8C66783-475E-4D0A-B412-B79D36E04C84}C:\program files\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{112B0ED9-57F8-4883-8E6A-5BEAABDABBC1}" = Crazy Machines II
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{389DF6A8-4784-4C16-9983-B0EC8567D44C}_is1" = Fälscherwerkstatt 5
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{58AC967F-CE64-4065-AF54-FA66BAF31FE8}" = BOILING POINT
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68D97286-D1C7-445C-8007-4778CB874D08}" = Gotcha!
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2390904-74BD-48AA-B2CC-6612F8D46379}" = GameShadow
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4BA029E-0303-48D2-B9F9-2763D468DC64}" = MainConcept DTV Decoder Standard
"{E18C0FA5-9228-4456-8780-1D1808E3417D}" = PMBG-Analyse2
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AIM_6" = AIM
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KompoZer_is1" = KompoZer 0.77
"LEGO Creator" = LEGO Creator
"MAGIX Filme auf DVD TerraTec deluxe Edition D" = MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.7 (D)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.176 (D)
"MAGIX Music Maker 2008 D" = MAGIX Music Maker 2008 13.0.3.2 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Philips Retractable PC Controller" = Philips Retractable PC Controller
"PhotoScape" = PhotoScape
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2010 12:28:59 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.07.2010 12:29:17 | Computer Name = Jonas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.07.2010 12:29:18 | Computer Name = Jonas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.07.2010 12:37:34 | Computer Name = Jonas-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 13.07.2010 04:06:04 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2010 04:06:21 | Computer Name = Jonas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.07.2010 04:06:21 | Computer Name = Jonas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:46:16 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2010 06:46:36 | Computer Name = Jonas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:46:36 | Computer Name = Jonas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 03.01.2010 07:37:36 | Computer Name = Jonas-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 10.01.2010 08:05:15 | Computer Name = Jonas-PC | Source = ehRecvr | ID = 4
Description = 
 
[ OSession Events ]
Error - 10.08.2010 14:13:12 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 237
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 13.08.2010 08:41:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5644
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 14.09.2010 10:26:54 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2010 14:28:21 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7446
 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2010 13:58:16 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10419
 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error - 28.10.2010 14:06:23 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 722
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 29.10.2010 12:31:58 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.10.2010 07:49:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4120
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 11.11.2010 14:47:27 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13151
 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 08:04:41 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 386
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.04.2009 07:26:02 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.04.2009 05:54:09 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 19.04.2009 05:54:56 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 19.04.2009 05:55:55 | Computer Name = Jonas-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.04.2009 05:56:52 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.04.2009 05:57:21 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.04.2009 05:57:21 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.04.2009 08:17:48 | Computer Name = Jonas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.04.2009 um 14:15:37 unerwartet heruntergefahren.
 
Error - 25.04.2009 08:17:14 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 25.04.2009 08:17:50 | Computer Name = Jonas-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         
--- --- ---


HOPE THAT HELPS FOR A START.

27.12.2010, 10:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I wanted to see the full scan with Malwarebytes first!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

29.12.2010, 12:52   #5
joniboy@gmx.

unfortunately it doesn't work - there are some kind of error messages


29.12.2010, 13:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote from joniboy@gmx.:
unfortunately it doesn't work - there are some kind of error messages

"Some kind of" is not a proper description!
